Public bug reported:
Attempt to send qemu monitor command crashed the VM. I have sent the
following qemu monitor command to a running instance:
virsh qemu-monitor-command --hmp instance-xxxxxxx 'change vnc none'
At the time I was connected via VNC. Closing my xvncviewer resulted
in a crash of the VM.
Backtrace:
*** Error in `/usr/bin/qemu-system-x86_64': free(): invalid pointer:
0x0000564f887a87e0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fa18b38b7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7fa18b39437a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7fa18b39853c]
/usr/bin/qemu-system-x86_64(+0x4b25dd)[0x564f871a75dd]
/usr/bin/qemu-system-x86_64(visit_type_VncServerInfo+0xa2)[0x564f871b9612]
/usr/bin/qemu-system-x86_64(qapi_free_VncServerInfo+0x30)[0x564f871a6be0]
/usr/bin/qemu-system-x86_64(+0x441bca)[0x564f87136bca]
/usr/bin/qemu-system-x86_64(vnc_disconnect_finish+0x37)[0x564f87137bf7]
/usr/bin/qemu-system-x86_64(aio_dispatch+0x68)[0x564f8715dcb8]
/usr/bin/qemu-system-x86_64(+0x45bf9e)[0x564f87150f9e]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x2a7)[0x7fa18c06c197]
/usr/bin/qemu-system-x86_64(main_loop_wait+0x18b)[0x564f8715c5bb]
/usr/bin/qemu-system-x86_64(main+0x17b4)[0x564f86ed64e4]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fa18b334830]
/usr/bin/qemu-system-x86_64(_start+0x29)[0x564f86edbb79]
Version info:
ii qemu-system 1:2.5+dfsg-5ubuntu10.16
amd64 QEMU full system emulation binaries
ii qemu-system-x86 1:2.5+dfsg-5ubuntu10.16
amd64 QEMU full system emulation binaries (x86)
ii qemu-utils 1:2.5+dfsg-5ubuntu10.16
amd64 QEMU utilities
ii libvirt-bin 1.3.1-1ubuntu10.14
amd64 programs for the libvirt library
ii libvirt0:amd64 1.3.1-1ubuntu10.14
amd64 library for interfacing with different virtualization systems
ii nova-compute-libvirt 2:13.1.4-0ubuntu3
all OpenStack Compute - compute node libvirt support
ii python-libvirt 1.3.1-1ubuntu1
amd64 libvirt Python bindings
uname -a
Linux <redacted> 4.10.0-32-generic #36~16.04.1-Ubuntu SMP Wed Aug 9 09:19:02
UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Qemu startup:
starting up libvirt version: 1.3.1, package: 1ubuntu10.14 (Jorge Niedbalski
<jorge.niedbal...@canonical.com> Thu, 10 Aug 2017 22:50:46 -0400), qemu
version: 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.14), hostname: <redacted>
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
QEMU_AUDIO_DRV=none /usr/bin/qemu-system-x86_64 -name instance-000015ea -S
-machine pc-i440fx-xenial,accel=kvm,usb=off -cpu
Haswell-noTSX,+abm,+pdpe1gb,+rdrand,+f16c,+osxsave,+dca,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme
-m 32768 -realtime mlock=off -smp 10,sockets=5,cores=1,threads=2 -object
memory-backend-file,id=ram-node0,prealloc=yes,mem-path=/dev/hugepages/libvirt/qemu,share=yes,size=34359738368,host-nodes=0,policy=bind
-numa node,nodeid=0,cpus=0-9,memdev=ram-node0 -uuid
9c2c7bdb-baae-45e7-888f-d090b3d331be -smbios 'type=1,manufacturer=OpenStack
Foundation,product=OpenStack
Nova,version=13.1.4,serial=24efafa3-b4a7-4489-a06a-17f23a63ff2b,uuid=9c2c7bdb-baae-45e7-888f-d090b3d331be,family=Virtual
Machine' -no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-instance-000015ea/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew
-global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk,format=qcow2,if=none,id=drive-virtio-disk0,cache=none
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xd,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.eph0,format=qcow2,if=none,id=drive-virtio-disk1,cache=none
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xe,drive=drive-virtio-disk1,id=virtio-disk1
-drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.swap,format=qcow2,if=none,id=drive-virtio-disk2,cache=none
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xf,drive=drive-virtio-disk2,id=virtio-disk2
-drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.config,format=raw,if=none,id=drive-ide0-1-1,readonly=on,cache=none
-device ide-cd,bus=ide.1,unit=1,drive=drive-ide0-1-1,id=ide0-1-1 -netdev
tap,fd=27,id=hostnet0,vhost=on,vhostfd=29 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:94:ae:0c,bus=pci.0,addr=0x3
-netdev tap,fd=30,id=hostnet1,vhost=on,vhostfd=31 -device
virtio-net-pci,netdev=hostnet1,id=net1,mac=fa:16:3e:0e:c5:cc,bus=pci.0,addr=0x4
-netdev tap,fd=32,id=hostnet2,vhost=on,vhostfd=33 -device
virtio-net-pci,netdev=hostnet2,id=net2,mac=fa:16:3e:7a:1f:cf,bus=pci.0,addr=0x5
-netdev tap,fd=34,id=hostnet3,vhost=on,vhostfd=35 -device
virtio-net-pci,netdev=hostnet3,id=net3,mac=fa:16:3e:70:8a:21,bus=pci.0,addr=0x6
-netdev tap,fd=36,id=hostnet4,vhost=on,vhostfd=37 -device
virtio-net-pci,netdev=hostnet4,id=net4,mac=fa:16:3e:41:2a:c9,bus=pci.0,addr=0x7
-netdev tap,fd=38,id=hostnet5,vhost=on,vhostfd=39 -device
virtio-net-pci,netdev=hostnet5,id=net5,mac=fa:16:3e:da:e5:4c,bus=pci.0,addr=0x8
-netdev tap,fd=40,id=hostnet6,vhost=on,vhostfd=41 -device
virtio-net-pci,netdev=hostnet6,id=net6,mac=fa:16:3e:c5:0f:8d,bus=pci.0,addr=0x9
-netdev tap,fd=42,id=hostnet7,vhost=on,vhostfd=43 -device
virtio-net-pci,netdev=hostnet7,id=net7,mac=fa:16:3e:db:c5:4a,bus=pci.0,addr=0xa
-netdev tap,fd=44,id=hostnet8,vhost=on,vhostfd=45 -device
virtio-net-pci,netdev=hostnet8,id=net8,mac=fa:16:3e:9f:b6:15,bus=pci.0,addr=0xb
-netdev tap,fd=46,id=hostnet9,vhost=on,vhostfd=47 -device
virtio-net-pci,netdev=hostnet9,id=net9,mac=fa:16:3e:df:f2:0b,bus=pci.0,addr=0xc
-chardev
file,id=charserial0,path=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/console.log
-device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1
-device isa-serial,chardev=charserial1,id=serial1 -device usb-tablet,id=input0
-vnc 0.0.0.0:0 -k en-us -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x10 -msg timestamp=on
char device redirected to /dev/pts/1 (label charserial1)
** Affects: qemu
Importance: Undecided
Status: New
** Tags: canonical-bootstack
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1721468
Title:
Free invalid pointer crash in vnc
Status in QEMU:
New
Bug description:
Attempt to send qemu monitor command crashed the VM. I have sent the
following qemu monitor command to a running instance:
virsh qemu-monitor-command --hmp instance-xxxxxxx 'change vnc none'
At the time I was connected via VNC. Closing my xvncviewer resulted
in a crash of the VM.
Backtrace:
*** Error in `/usr/bin/qemu-system-x86_64': free(): invalid pointer:
0x0000564f887a87e0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fa18b38b7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7fa18b39437a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7fa18b39853c]
/usr/bin/qemu-system-x86_64(+0x4b25dd)[0x564f871a75dd]
/usr/bin/qemu-system-x86_64(visit_type_VncServerInfo+0xa2)[0x564f871b9612]
/usr/bin/qemu-system-x86_64(qapi_free_VncServerInfo+0x30)[0x564f871a6be0]
/usr/bin/qemu-system-x86_64(+0x441bca)[0x564f87136bca]
/usr/bin/qemu-system-x86_64(vnc_disconnect_finish+0x37)[0x564f87137bf7]
/usr/bin/qemu-system-x86_64(aio_dispatch+0x68)[0x564f8715dcb8]
/usr/bin/qemu-system-x86_64(+0x45bf9e)[0x564f87150f9e]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x2a7)[0x7fa18c06c197]
/usr/bin/qemu-system-x86_64(main_loop_wait+0x18b)[0x564f8715c5bb]
/usr/bin/qemu-system-x86_64(main+0x17b4)[0x564f86ed64e4]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fa18b334830]
/usr/bin/qemu-system-x86_64(_start+0x29)[0x564f86edbb79]
Version info:
ii qemu-system 1:2.5+dfsg-5ubuntu10.16
amd64 QEMU full system emulation binaries
ii qemu-system-x86 1:2.5+dfsg-5ubuntu10.16
amd64 QEMU full system emulation binaries (x86)
ii qemu-utils 1:2.5+dfsg-5ubuntu10.16
amd64 QEMU utilities
ii libvirt-bin 1.3.1-1ubuntu10.14
amd64 programs for the libvirt library
ii libvirt0:amd64 1.3.1-1ubuntu10.14
amd64 library for interfacing with different virtualization systems
ii nova-compute-libvirt 2:13.1.4-0ubuntu3
all OpenStack Compute - compute node libvirt support
ii python-libvirt 1.3.1-1ubuntu1
amd64 libvirt Python bindings
uname -a
Linux <redacted> 4.10.0-32-generic #36~16.04.1-Ubuntu SMP Wed Aug 9 09:19:02
UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Qemu startup:
starting up libvirt version: 1.3.1, package: 1ubuntu10.14 (Jorge Niedbalski
<jorge.niedbal...@canonical.com> Thu, 10 Aug 2017 22:50:46 -0400), qemu
version: 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.14), hostname: <redacted>
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
QEMU_AUDIO_DRV=none /usr/bin/qemu-system-x86_64 -name instance-000015ea -S
-machine pc-i440fx-xenial,accel=kvm,usb=off -cpu
Haswell-noTSX,+abm,+pdpe1gb,+rdrand,+f16c,+osxsave,+dca,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme
-m 32768 -realtime mlock=off -smp 10,sockets=5,cores=1,threads=2 -object
memory-backend-file,id=ram-node0,prealloc=yes,mem-path=/dev/hugepages/libvirt/qemu,share=yes,size=34359738368,host-nodes=0,policy=bind
-numa node,nodeid=0,cpus=0-9,memdev=ram-node0 -uuid
9c2c7bdb-baae-45e7-888f-d090b3d331be -smbios 'type=1,manufacturer=OpenStack
Foundation,product=OpenStack
Nova,version=13.1.4,serial=24efafa3-b4a7-4489-a06a-17f23a63ff2b,uuid=9c2c7bdb-baae-45e7-888f-d090b3d331be,family=Virtual
Machine' -no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-instance-000015ea/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew
-global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk,format=qcow2,if=none,id=drive-virtio-disk0,cache=none
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xd,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.eph0,format=qcow2,if=none,id=drive-virtio-disk1,cache=none
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xe,drive=drive-virtio-disk1,id=virtio-disk1
-drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.swap,format=qcow2,if=none,id=drive-virtio-disk2,cache=none
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xf,drive=drive-virtio-disk2,id=virtio-disk2
-drive
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.config,format=raw,if=none,id=drive-ide0-1-1,readonly=on,cache=none
-device ide-cd,bus=ide.1,unit=1,drive=drive-ide0-1-1,id=ide0-1-1 -netdev
tap,fd=27,id=hostnet0,vhost=on,vhostfd=29 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:94:ae:0c,bus=pci.0,addr=0x3
-netdev tap,fd=30,id=hostnet1,vhost=on,vhostfd=31 -device
virtio-net-pci,netdev=hostnet1,id=net1,mac=fa:16:3e:0e:c5:cc,bus=pci.0,addr=0x4
-netdev tap,fd=32,id=hostnet2,vhost=on,vhostfd=33 -device
virtio-net-pci,netdev=hostnet2,id=net2,mac=fa:16:3e:7a:1f:cf,bus=pci.0,addr=0x5
-netdev tap,fd=34,id=hostnet3,vhost=on,vhostfd=35 -device
virtio-net-pci,netdev=hostnet3,id=net3,mac=fa:16:3e:70:8a:21,bus=pci.0,addr=0x6
-netdev tap,fd=36,id=hostnet4,vhost=on,vhostfd=37 -device
virtio-net-pci,netdev=hostnet4,id=net4,mac=fa:16:3e:41:2a:c9,bus=pci.0,addr=0x7
-netdev tap,fd=38,id=hostnet5,vhost=on,vhostfd=39 -device
virtio-net-pci,netdev=hostnet5,id=net5,mac=fa:16:3e:da:e5:4c,bus=pci.0,addr=0x8
-netdev tap,fd=40,id=hostnet6,vhost=on,vhostfd=41 -device
virtio-net-pci,netdev=hostnet6,id=net6,mac=fa:16:3e:c5:0f:8d,bus=pci.0,addr=0x9
-netdev tap,fd=42,id=hostnet7,vhost=on,vhostfd=43 -device
virtio-net-pci,netdev=hostnet7,id=net7,mac=fa:16:3e:db:c5:4a,bus=pci.0,addr=0xa
-netdev tap,fd=44,id=hostnet8,vhost=on,vhostfd=45 -device
virtio-net-pci,netdev=hostnet8,id=net8,mac=fa:16:3e:9f:b6:15,bus=pci.0,addr=0xb
-netdev tap,fd=46,id=hostnet9,vhost=on,vhostfd=47 -device
virtio-net-pci,netdev=hostnet9,id=net9,mac=fa:16:3e:df:f2:0b,bus=pci.0,addr=0xc
-chardev
file,id=charserial0,path=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/console.log
-device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1
-device isa-serial,chardev=charserial1,id=serial1 -device usb-tablet,id=input0
-vnc 0.0.0.0:0 -k en-us -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x10 -msg timestamp=on
char device redirected to /dev/pts/1 (label charserial1)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1721468/+subscriptions
